Malware attack vectors

Most common method of malicious code infecting your computer requires user interaction.

A recent study released by Microsoft shows that the most common method of malicious code infecting your computer requires user interaction.

Nearly half of the malware required direct user action.  Such things as pop-up ads claiming that your computer is infected, and emails with attachments directing you to malicious sites, are examples of this method.

The next two most common attack methods make use of auto-run in Windows: automatically running programs from a USB device, or from the network.

These three methods make up nearly ninety percent of the attack methods used.

The auto-run settings can be turned off in Windows.  This prevents programs from starting automatically just by plugging in an infected USB device, for example.  Your company policy should be that USB devices are not to be brought in, and connected to company computers.  Disabling the auto-run is further protection against this avenue of attack.
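
One way to check and apply the setting described above, as an added example rather than anything from the original post: it reads the machine-wide NoDriveTypeAutoRun policy value, lists the drive types that can still auto-run, then disables auto-run for every drive type. It assumes an elevated PowerShell prompt; the function names are made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# In NoDriveTypeAutoRun, a set bit means auto-run is DISABLED for that type.
$DriveTypeBits = [ordered]@{
    'Removable (USB)' = 0x04
    'Fixed disk'      = 0x08
    'Network'         = 0x10
    'CD/DVD'          = 0x20
    'RAM disk'        = 0x40
}

# Hypothetical helper: report which drive types may still auto-run.
function Get-AutoRunPolicy {
    param([string]$Key = $PolicyKey)
    $current = (Get-ItemProperty -Path $Key -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $current) {
        # No policy value present: the operating system default applies.
        return [pscustomobject]@{ Value = $null; StillEnabled = @('policy not set') }
    }
    $enabled = foreach ($t in $DriveTypeBits.GetEnumerator()) {
        if (-not ($current -band $t.Value)) { $t.Key }
    }
    [pscustomobject]@{ Value = '0x{0:X2}' -f $current; StillEnabled = @($enabled) }
}

# Hypothetical helper: 0xFF sets every bit, disabling auto-run on all drive types.
function Disable-AutoRunAllDrives {
    param([string]$Key = $PolicyKey)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $ValueName -Value 0xFF -Type DWord
}

Get-AutoRunPolicy           # state before the change
Disable-AutoRunAllDrives
Get-AutoRunPolicy           # state after: StillEnabled should be empty
```

The first report is the useful part on an existing machine: if "Removable (USB)" or "Network" appears under StillEnabled, the two auto-run vectors named above are still open on that computer.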

Reducing the threat of infection from malicious code that requires direct user action can best be done through education.  Helping your employees recognize these attempts to lure them into loading malicious software goes a long way towards securing your system.

In the cases that I have seen, where our customers ended up with infected machines, these two methods were used in almost all of them.  Most of the time, it is someone in the company getting an email, and opening the attachment, or clicking on the link.  In most of the other cases, it is someone bringing in a USB thumb drive, to show everyone pictures of their kids, or something like that.  Needless to say, the thumb drive is infected, because the person does not use any security software on their home system.

As always, none of this reduces the need for good anti-virus and anti-malware software.  It needs to be kept current, also, along with any security updates for your computer and software.

The Microsoft Security Intelligence Report found that less than 1% of attacks were against unpatched vulnerabilities.  The rest were against vulnerabilities where a patch exists, or from direct user action.  Keep your systems up to date.
 

We All Know Viruses Can Be Harmful But…

Risks of Ignoring Virus Warnings

Although most viruses can be removed from your system, they can also damage important files that your computer needs to run, access the Internet, and even protect your PC.

I recently ran into a problem that required an OS to be re-installed.  I was able to get rid of the virus, and everything seemed to work except for one detail.  No matter what we tried, the PC could not resolve Internet names.  If you were not aware, the Internet works on IP addresses or numbers, meaning that even though you might type www.google.com in the address bar, the DNS service resolves or converts the name into a number.  In this case, the virus injected itself into key files of the network protocol stack.  This prevented looking up an Internet site to determine its IP.  A site could not be accessed unless the IP address was typed in.

I have developed fairly good skills for removing viruses from systems using various tools, without any ramifications to the rest of the system.  But in this case, I had no choice but to re-install the OS, starting from scratch and losing everything.

The main cause of this problem was that, even though the security software warned the user of a potential problem, the user still went ahead and ran the risky program.  Of course there will be some false positives, but assuming that a warning is a false positive is not a good idea, since this is seldom the case nowadays.

The moral of the story is, if your security software warns you of a potentially harmful program, research it a little before determining on your own that it won't hurt anything.  A couple of extra minutes typing a file name into Google could have saved years of information that was lost by being too impatient.

For system questions and concerns contact the CCS Retail System Support Department at 800.672.4806 or email us

-Bryan

 

About Backup Training

Importance of Cross-training

The old adage that “hindsight is better than foresight” really is true.  Looking backward, we can all see things that we’ve done, choices that we’ve made, that would have been different if only we had known the outcome in advance.  This is true in business just as it is true in our personal lives.

Today I received a support call from one of our customers who explained that the business was having multiple issues with their POS System.  They couldn’t post, their inventory was off, the system date was incorrect, their X tapes wouldn’t clear—the list went on and on.  Upon further questioning, I found that a key person had recently died, and there was nobody who understood the operation who could take over this person’s work.  As a result, many mistakes were made that were compounded in a 20-day period of time before the problems were reported, crippling the business’ operation.

Cross-training and multiple-training of employees in advance would have prevented this disaster.  A decrease in support cost and certainly in frustration would have occurred as a result.  It’s important to note, also, that prompt reporting of problems will lead to damage control.

In most businesses, employees can be away from the job for various reasons—illness, bereavement, vacations, out of town conferences, and many more.  Being prepared for those absences by making sure that your employees are fully trained is the key to preventing the unthinkable from happening.

At CCS, we have training classes available both on and off-site.  Our instructor has over thirty years of software and training experience.  We have a fully-equipped classroom, so that each student has his/her own computer for hands-on practice during the sessions.  Call us now at 800-672-4806 or email us for more information on training for you and for your employees.

New Duqu Worm Has Infected Computers Worldwide, May Be Stuxnet 2.0

“Both viruses use similar encryption keys and techniques, injection code and fraudulent digital certificates, which had been issued to companies in Taiwan. The digital certificate keys appear to be real, which also make the programs look legitimate,” eWeek said.

However, while Stuxnet was “designed to attack a very specific type of computer system” Duqu “does not appear to have a clear target,” eWeek said.

http://it.tmcnet.com/topics/it/articles/231428-new-duqu-worm-has-infected-computers-worldwide-may.htm

Son of Stuxnet – Coming to your network soon


Researchers have recently uncovered a new variant of the Stuxnet Worm Virus.  This variant has been dubbed "W32.Duqu" by Symantec.  The original Stuxnet Worm was seen as unprecedented because of its complexity and its potential ability to physically sabotage control systems for many varied types of businesses worldwide.

W32.Duqu appears to share many of the same traits as the original Stuxnet Worm; however, its primary goal appears to be to serve as an information-gathering tool on potential targets for future cyber attacks.  This variant is primarily designed to record keystrokes and to gather other sensitive data on company networks for businesses running industrial control software, and then send that information back to whatever person or group initiated the planting of the Worm.

Although no one has claimed responsibility for either of the Worms, it is rumored that it was likely created by a nation state such as the United States or Israel, as it was originally found only on Iranian Nuclear Refining and Nuclear power plant control servers.

The major concern here is that in the wrong hands, a tool such as this could be modified by hackers in such a way that it could wreak havoc on other industries such as agribusiness, shipping, distribution, and retailers.

Does your system currently have protection against such Worms?

If you aren’t sure, please contact CCS Retail Systems Support Department to schedule your security review.

 

Malware-Laden Fake Netflix App on the Loose?

The app, called Android.Fakeneflic, is apparently a Trojan horse that steals information from Android devices when downloaded. As Asrar explains in a blog post, the faux app presents users with identical permissions to those provided by the legitimate Netflix app.

When the user clicks the "sign-on" button, an incompatibility screen will appear that recommends a second version of the app be downloaded to fix the problem. Asrar suggests that this is where the program begins capturing user data and posting it to an offline server.

http://www.tmcnet.com/topics/articles/228541-malware-laden-fake-netflix-app-the-loose.htm

Synchronizing time

Having your computer keep correct time and date

Having your computer keep correct time and date is more important than some people realize.  Even if all you do is use it to send email, having an incorrect date can affect you.

With email sent from your computer, the date and time stamp that the email gets comes from your computer.  If the date or even the time is off by much, it can impact the delivery of your message.  Many anti-spam filters check the date that an email was sent, and if it is date stamped more than a few days in the past, the anti-spam software will filter it out.  Many times if it is date stamped in the future, it will be filtered out as well.  So if your computer date is off, it can cause your emails to not be delivered.  You will not get an error back, they will just not show up in the person’s mailbox.

With other applications, having the correct date and time is more important.  If you are running a point-of-sale system, for example, the date and time for a sale ticket are usually taken from the computer that the ticket was created on.

This happened to one of our customers a while back.  One of their employees had apparently opened the calendar on the point-of-sale workstation, to check when July 4 was.  They ended up setting the date to July 2, when it was actually the end of June.  From then on, the tickets that they did were dated a few days in the future.  When management checked the daily sales, the store was missing sales on the day that the date was changed.  The next day, it was missing all of its sales.

The data with the incorrect dates had to be corrected, and the date reset on the computer.  Fortunately, this had not impacted settling of their credit cards.  It easily could have, if the card processor had refused to settle them because of the incorrect date.

Fortunately, it is possible to have your computer set to always have the correct time.  There are several atomic clocks that are available via the Internet, and your computer can be set to synchronize with them.

At CCS Retail Systems, we have a couple of servers that synchronize to the atomic clocks.  The rest of our systems then synchronize to these servers.  The software that does the synchronization is intelligent enough to take into account the latency in communicating with the time servers. So, our computers are always within a few milliseconds of the actual time.
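
The latency compensation mentioned above can be worked through with the standard NTP offset calculation, which uses four timestamps per exchange. This is an added example, not CCS's software; the host names, timestamps and five-minute alert threshold are constructed for illustration, with the second workstation mirroring the wrong-date incident described earlier.

```powershell
# Added example; host names, timestamps and threshold are constructed.
function Get-ClockOffset {
    param(
        [datetime]$T1,  # workstation clock when the request was sent
        [datetime]$T2,  # server clock when the request arrived
        [datetime]$T3,  # server clock when the reply was sent
        [datetime]$T4   # workstation clock when the reply arrived
    )
    # Averaging the two one-way differences cancels the network latency,
    # provided the path is roughly symmetric.
    $offsetMs = (($T2 - $T1) + ($T3 - $T4)).TotalMilliseconds / 2
    # The round trip excludes the time the server spent processing.
    $delayMs  = (($T4 - $T1) - ($T3 - $T2)).TotalMilliseconds
    [pscustomobject]@{ OffsetMs = $offsetMs; RoundTripMs = $delayMs }
}

$MaxSkew = [timespan]::FromMinutes(5)          # assumed alert threshold
$actual  = [datetime]'2011-06-29 09:00:00'     # constructed reference time

$samples = @(
    # POS-01: clock 40 ms slow, 30 ms round trip
    @{ Host = 'POS-01'
       T1 = $actual.AddMilliseconds(-40); T2 = $actual.AddMilliseconds(15)
       T3 = $actual.AddMilliseconds(16);  T4 = $actual.AddMilliseconds(-9) }
    # POS-02: date set three days ahead by hand, 40 ms round trip
    @{ Host = 'POS-02'
       T1 = $actual.AddDays(3);           T2 = $actual.AddMilliseconds(20)
       T3 = $actual.AddMilliseconds(21);  T4 = $actual.AddDays(3).AddMilliseconds(41) }
)

foreach ($s in $samples) {
    $r = Get-ClockOffset -T1 $s.T1 -T2 $s.T2 -T3 $s.T3 -T4 $s.T4
    $status = if ([math]::Abs($r.OffsetMs) -gt $MaxSkew.TotalMilliseconds) {
        'ALERT: clock needs correcting'
    } else {
        'ok'
    }
    '{0}: offset {1:N0} ms, round trip {2:N0} ms -> {3}' -f `
        $s.Host, $r.OffsetMs, $r.RoundTripMs, $status
}
```

A positive offset means the workstation clock is behind the server; a large negative one, as on POS-02, means it has been set ahead.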

If you would like help implementing a system like ours, contact CCS Support.

Testing changes

Testing Software Changes Before Use

At some point you are going to want to change your software, upgrade it to a new version, or migrate to a different package.

In all of these cases, you need to test the new setup, to make sure that it is working the way that you want with your existing data.  This needs to be done in a test environment before the actual live system is changed.  A test environment is conveniently created with a new company on the same server or the same company on a different server.

One big point is that everything that you use needs to be checked in this test environment.  Ideally, the two are run in parallel for a few days to make sure everything is operating correctly.  While this means a duplication of work, it can be time saving in the long run.  A simple test plan should be constructed to include the following topics (this is not a complete list, but rather a list of the high points):

  • All daily usage cycles: opening, common functions, closing.  Make sure a user in each group tests all the functions commonly used: POS, Inventory, Sales, back-office, and any others.
  • All communications functions: card authorization, address verification, mobile users, and any others.
  • All printer functions: thermal, matrix, labels, bar-code, report, and any others.
  • Trial end-of-month and end-of-quarter
  • Backup and restore functions.
  • Security should be checked for any security holes introduced by the change.  You can use several open-source or commercial software products for this, such as Microsoft Baseline Security Analyzer.

Too many times a new system is "spot checked" instead.  By this, I mean that certain pieces are checked, and if they work as expected, it is assumed that the rest will.

This week, I once again had a customer take this approach on a somewhat major change to their system.  In this case the print subsystem was completely changed.  They checked many different parts, but sure enough there was an issue with their label printing.  They had not checked the labels, and assumed it would work.  This meant that there was a scramble to work out the issue with their labels.

Ultimately, they decided that they can work with the existing setup for now, while the labels are changed to high speed thermal printers, from their existing dot matrix ones.  While this will result in a better end product in the end, for a couple of days they have to put up with a small annoyance using their old printers.

If they had taken just a little more time in testing, this anomaly would have shown up then.  Which means that it would have been dealt with before changing their live system.
 

More proof of the importance of training

More Proof of the Importance of Training

With the economy being what it is nowadays, some companies are trying to reduce their overhead by trimming their application software training costs. While this might seem like a good idea at first, most often it has the opposite effect. 

One primary area of concern is a lack of SOPs (Standard Operating Procedures) for standard daily software tasks, and/or the lack of a formalized training program.

One way to detect what is going on is to listen for the following often heard comments:

  • "I don’t have the time to do this" –  (May be a time management issue, or related to staffing levels)
  • "No one showed me how to do this" – (Limited or no training, poor retention)
  • "It takes too long to do this" – (lack of understanding, time management, lack of motivation, etc.)
  • "I tried it once, but the software doesn’t work, so I don’t do it at all now" – (lack of training, lack of understanding of task importance)
  • "I thought that (insert name here) was supposed to do all of this" or "It’s not my responsibility to follow-up", "I’m not going to do this", "They aren’t paying me enough to do this" – (Attitude issues, and/or possibly work ethic issues, and/or a managerial delegation issue).

Here’s a recent example type of scenario…

Customer Statements:  "Our inventory is all screwed-up!  The computer quantities don’t match the physical quantities. When I scan some bar codes the wrong items come up. The sales history shows that we’ve sold more of numerous items than what we physically had on hand. When we do a physical count, it’s always way off, bigtime!"

The Analysis:  It was later determined that the staff was doing ALL of the following:

Warehouse…

  • Some Receiving transactions were being put on the shelves without barcode labels.
  • Some Receiving transactions were simply not received into the software, however, the items were put on the shelf.
  • New inventory items were added incorrectly.
  • When new items were entered into the system, the manufacturers barcode for a specific size/color was assigned to the wrong item.
  • The internal barcodes used during the auto-assignment process (for gridded items) that was supposed to be initiated by the user who was adding a new item, was not done. This means that the primary item would be selected when the barcode was scanned, however, the specific color/size would not be.
  • Barcodes for legitimate items were put on the wrong items before being placed on the shelves.

The end-user response (from all persons involved) was: "I don’t have time to do this", and "It takes too long to do this".

Point of Sale…

  • Clerk scans a barcode, which pulls up the wrong item number (meaning a set-up issue).  User ignores the issue, and sells the wrong item anyway.  Because the price coming up is for a different item number than the one the clerk has in their hand, a price override is done.  The clerk makes no documentation of the issue for follow-up.  The issue continues to re-appear on future sales.
  • Clerk scans a barcode, which indicates that the item is "Not on file". In order to complete the sale, the clerk then picks the first random item in the look-up screen, and then does a price override.

End-user responses were all of:  "No one showed me how to do this", "It’s not my responsibility to follow-up on this", "It takes too long to do this".

While some of the above comments may point to both training issues and negative work attitudes, often they go hand-in-hand… Proper training can go a long way to correct both issues.

For assistance with training your staff, and/or setting up your own software SOP, and dealing with the above data issues, please contact CCS Retail Systems Support department.

 

A Customer Service Story

Providing what customers need, quickly, cheerfully and accurately is a necessity in any retail environment.
 

I recently returned from a wonderful vacation trip with my daughter. It was a ten-day cruise on a ship that carried 3,700 passengers and over 1,200 crew members. Stops were made in ports around the northern Mediterranean from Barcelona, Spain to Messina, Sicily.

People on board had needs including food, room cleaning, entertainment, laundry services, embarkment and disembarkment, safety instruction, tender services in ports, health and spa services and much more. I couldn’t help wondering how all of this could be accomplished without many problems that passengers were sure to complain about.

I was absolutely amazed at how great the service was! Even before we started the trip, we were invited to go to the cruise line’s website to have questions answered and to chat with others who would be on the cruise with us.

After boarding the ship, we were greeted by our room stewards immediately and they called us by name every time they saw us in a passageway thereafter. If we got lost on the ship, someone was always there (without being asked) to direct us to where we were going. We were asked if we had any special food needs in the dining room. Daily briefings were given to explain the next day’s port and what to expect on shore.

On the last day, when our bill was delivered to our cabin, we had a chance to go over all charges and question any discrepancies. Guess what? There weren’t any!

Do you think I’d choose this cruise line again? Of course I would! Good customer service will bring customers back again and again, whether it’s a cruise ship or a pet store. Providing what customers need, quickly, cheerfully and accurately is a necessity in any retail environment.

Counterpoint’s CPMobile and CustomerConnect are two features that make it easier for you to provide good service to your customers. If you would like more details about these features, call us at 800-672-4806 and learn about our current specials. You can also email us at sales@ccscentral.com.